astx_setup.exe

Status: finished

Submission Time: 2022-11-28 13:39:49 +01:00

Suspicious

Ransomware

Trojan

Evader

GuLoader

Comments

Details

Analysis ID:
755221
API (Web) ID:
1122497
Analysis Started:

2022-11-28 13:39:54 +01:00
Analysis Finished:

2022-11-28 13:53:55 +01:00
MD5:
7dd75b2c2e214c0347df3dc137161b19
SHA1:
072a03d9279d3ecbdb5a76c70a862a75fb50d95b
SHA256:
06f360d2a25c75619cb769f56ced75d3d92cd339cb3ec2e3aa9c642ba6f3158f
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	suspicious Score: 34	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Domains

Name	IP	Detection
webclinic.ahnlab.com.cdngc.net	101.79.212.66
gms.wip.ahnlab.com	34.249.110.217
webclinic.ahnlab.com	0.0.0.0
Click to see the 1 hidden entries
gms.ahnlab.com	0.0.0.0

URLs

Name	Detection
http://www.phreedom.org/md5)0
http://%1/CertEnroll/%3%8%9.crlfile://
http://www.firmaprofesional.com/cps0
Click to see the 97 hidden entries
http://cps.chambersign.org/cps/chambersroot.html0
http://ocsp.entrust.net03
http://ocsp.sectigo.com0
http://fedir.comsign.co.il/crl/ComSignCA.crl0
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
http://www.aarongifford.com/
http://%1/CertEnroll/%1_%3%4.crtfile://
http://gladman.plushost.co.uk/oldsite/AES/index.php
http://crl.entrust.net/2048ca.crl0
http://www.trustcenter.de/crl/v2/tc_class_2_ca_II.crl
http://wakaba.c3.cx/s/apps/unarchiver.html
https://www.netlock.net/docs
https://mgactivation.ahnlab.com/api/auth/v1/healthcheck
http://www.pkioverheid.nl/policies/root-policy-G20
http://www.openssl.org/)
http://www.firmaprofesional.com0
http://www.trustdst.com/certificates/policy/ACES-index.html0
https://github.com/wycats/handlebars.js
http://www.quovadis.bm0
http://www.info-zip.org/
http://www.7-zip.org/sdk.html
http://crl.xrampsecurity.com/XGCA.crl0
http://www.wavpack.com/
http://www.zlib.net/zlib_license.html
http://mattmahoney.net/dc/zpaq.html
http://cps.chambersign.org/cps/chambersignroot.html0
http://www.winace.com/
http://ocsp.entrust.net0D
https://ocsp.quovadisoffshore.com0
https://github.com/wycats/handlebars.js)
https://%1/CertEnroll/nsrev_%3.aspldap:///CN=%7%8
http://www.e-szigno.hu/SZSZ/0
https://gactivation.ahnlab.com/api/auth/v1/activate/client
http://www.valicert.com/1
https://seed.kisa.or.kr/iwt/ko/sup/EgovLeaInfo.do
http://crl.chambersign.org/chambersignroot.crl0
http://ncompress.sourceforge.net/
http://www.quovadisglobal.com/cps0
http://www.e-szigno.hu/RootCA.crt0
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://download.ahnlab.com/down/ahnreport/AhnRpt.exe
http://www.bzip.org/downloads.html
http://mozilla.org/MPL/2.0/.
http://crl.securetrust.com/STCA.crl0
https://code.bandisoft.com
http://tss-geotrust-crl.thawte.com/ThawteTimestampingCA.crl0
http://crl.securetrust.com/SGCA.crl0
https://mgactivation.ahnlab.com/api/auth/v1/activate/client
https://mgactivation.ahnlab.com/api/auth/v1/activate/relay
http://policy.camerfirma.com0
http://json.org/).
http://sourceforge.jp/projects/lha/
http://www.sk.ee/cps/0
http://www.disig.sk/ca/crl/ca_disig.crl0
http://www.certplus.com/CRL/class2.crl0
http://yuilibrary.com/license/
http://sourceforge.net/p/infozip/patches/18/
http://ca.disig.sk/ca/crl/ca_disig.crl0
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
http://www.phreedom.org/md5)MD5
http://ocsp.pki.gva.es0
https://jp.ahnlab.com/site/support/qna/qnaAddForm2.do;
http://www.info-zip.org/pub/infozip/license.html.
http://repository.swisssign.com/0
http://www.pkioverheid.nl/policies/root-policy0
http://www.diginotar.nl/cps/pkioverheid0
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
http://www.compression.ru/ds/
http://www.chambersign.org1
http://www.certifikat.dk/repository0
https://gactivation.ahnlab.com/api/auth/v1/activate/relay
http://crl.chambersign.org/chambersroot.crl0
http://acedicom.edicomgroup.com/doc0
http://www.sk.ee/juur/crl/0
http://www.symauth.com/rpa00
http://www.e-szigno.hu/RootCA.crl
http://www.disig.sk/ca0f
https://www.catcert.net/verarrel
http://site.icu-project.org/
http://www.entrust.net/CRL/net1.crl0
https://opensource.ahnlab.com
https://gactivation.ahnlab.com/api/auth/v1/healthcheck
https://code.bandisoft.com/
http://www.rarlab.com/rar_add.htm
http://mathiasbynens.be/
http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
http://www.symauth.com/cps0(
http://broofa.com/
http://nsis.sf.net/NSIS_ErrorError
http://www.aescrypt.com/
http://javascript.nwbox.com/IEContentLoaded/)
https://mgactivation.ahnlab.com/api/auth/v1/activate/relayhttps://mgactivation.ahnlab.com/api/auth/v
http://crl.pki.wellsfargo.com/wsprca.crl0
http://www.certicamara.com/dpc/0Z
https://github.com/necolas/normalize.css/
http://crl.oces.certifikat.dk/oces.crl0
http://www.phreedom.org/md5)

Dropped files

Name	File Type	Hashes
C:\Program Files\AhnLab\Safe Transaction\NetRule\tnnipsig.rul	data	#
C:\Program Files\AhnLab\Safe Transaction\MeD\Definition\msg.dat	data	#
C:\Program Files\AhnLab\Safe Transaction\DB\defcfg.db	data	#
Click to see the 97 hidden entries
C:\Program Files\AhnLab\Safe Transaction\MeD\Definition\geo.asd	data	#
C:\Program Files\AhnLab\Safe Transaction\MeD\Definition\gof.dat	data	#
C:\Program Files\AhnLab\Safe Transaction\MFC90CHT.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\MFC90ESN.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\MFC90CHS.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\IAccessible2Proxy.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\HsbCtl.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\DefPly\starter_ply.ui	Microsoft Cabinet archive data, single, 326717 bytes, 1 file, at 0x44 +AX "starter_ply.html.new", flags 0x4, number 1, extra bytes 20 in head, 10 datablocks, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\DefPly\ply_ver.ui	Microsoft Cabinet archive data, single, 137 bytes, 1 file, at 0x44 +AX "ply_ver.html.new", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\DefPly\netizen_ply_default.ui	Microsoft Cabinet archive data, single, 7101 bytes, 1 file, at 0x44 +AX "netizen_ply_default.html.new", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\DefPly\extraopn_ply.ui	Microsoft Cabinet archive data, single, 90334 bytes, 1 file, at 0x44 +AX "extraopn_ply.html.new", flags 0x4, number 1, extra bytes 20 in head, 3 datablocks, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\DB\nzdefcfg.db	data	#
C:\Program Files\AhnLab\Safe Transaction\DB\nzcmncfg.db	data	#
C:\Program Files\AhnLab\Safe Transaction\DB\ipcntry.db	SQLite 3.x database, last written using SQLite version 3014002, file counter 2, database pages 1127, cookie 0x1, schema 4, UTF-8, version-valid-for 2	#
C:\Program Files\AhnLab\Safe Transaction\Core.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\ssl3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\sqlite3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\softokn3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\smime3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\nssutil3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\nssdbm3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\nssckbi.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\nss3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\msvcr100.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\MeD\Definition\libcrypto-1_1-x64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Nz32\MFC90CHT.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Nz32\MFC90CHS.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Nz32\IAccessible2Proxy32.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Nz32\HsbCtl32.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Nz32\AhnI2.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\NetRule\tnnipprt.rul	data	#
C:\Program Files\AhnLab\Safe Transaction\Microsoft.VC90.MFC.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (2003), with CRLF line terminators	#
C:\Program Files\AhnLab\Safe Transaction\Microsoft.VC90.CRT.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1506), with CRLF line terminators	#
C:\Program Files\AhnLab\Safe Transaction\MeD\Definition\wlist.asd	data	#
C:\Program Files\AhnLab\Safe Transaction\MeD\Definition\uh.dat	data	#
C:\Program Files\AhnLab\Safe Transaction\MeD\Definition\mdp.scd	data	#
C:\Program Files\AhnLab\Safe Transaction\MFC90DEU.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\MUpdate2\msvcr90.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\MUpdate2\msvcp90.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\MUpdate2\Microsoft.VC90.CRT.manifest	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1506), with CRLF line terminators	#
C:\Program Files\AhnLab\Safe Transaction\MFC90KOR.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\MFC90JPN.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\MFC90ITA.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\MFC90FRA.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\MFC90ESP.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\libplds4.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\MFC90ENU.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\AHC\asdf.sld.ahc	Microsoft Cabinet archive data, single, 171 bytes, 1 file, at 0x44 +AX "asdf.sld.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\ASDCr.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\ASDCli.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\AMonLWLH.sys	PE32+ executable (native) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\AMonLWLH.inf	Windows setup INFormation	#
C:\Program Files\AhnLab\Safe Transaction\AMonLWLH.cat	data	#
C:\Program Files\AhnLab\Safe Transaction\ALWFCtrl.Dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\AKDVE.EXE	PE32+ executable (console) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\AHC\product.dat.ahc	Microsoft Cabinet archive data, single, 150 bytes, 1 file, at 0x44 +AX "product.dat.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\drvinfo.ini.ahc	Microsoft Cabinet archive data, single, 174 bytes, 1 file, at 0x44 +AX "drvinfo.ini.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\ckwcfg.dat.ahc	Microsoft Cabinet archive data, single, 173 bytes, 1 file, at 0x44 +AX "ckwcfg.dat.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\asdsr.dat.ahc	Microsoft Cabinet archive data, single, 172 bytes, 1 file, at 0x44 +AX "asdsr.dat.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\ASDUp.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\AHC\X86\msvcr90.dll.ahc	Microsoft Cabinet archive data, single, 150 bytes, 1 file, at 0x44 +AX "msvcr90.dll.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\X86\msvcp90.dll.ahc	Microsoft Cabinet archive data, single, 150 bytes, 1 file, at 0x44 +AX "msvcp90.dll.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\X64\msvcr90.dll.ahc	Microsoft Cabinet archive data, single, 150 bytes, 1 file, at 0x44 +AX "msvcr90.dll.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\X64\msvcp90.dll.ahc	Microsoft Cabinet archive data, single, 150 bytes, 1 file, at 0x44 +AX "msvcp90.dll.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\Ark64lgplv2.dll.ahc	Microsoft Cabinet archive data, single, 178 bytes, 1 file, at 0x44 +AX "Ark64lgplv2.dll.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\Ark64algplv2.dll.ahc	Microsoft Cabinet archive data, single, 179 bytes, 1 file, at 0x44 +AX "Ark64algplv2.dll.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\Ark64a.dll.ahc	Microsoft Cabinet archive data, single, 173 bytes, 1 file, at 0x44 +AX "Ark64a.dll.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\Ark64.dll.ahc	Microsoft Cabinet archive data, single, 172 bytes, 1 file, at 0x44 +AX "Ark64.dll.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\Ark32lgplv2.dll.ahc	Microsoft Cabinet archive data, single, 178 bytes, 1 file, at 0x44 +AX "Ark32lgplv2.dll.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHC\Ark32.dll.ahc	Microsoft Cabinet archive data, single, 172 bytes, 1 file, at 0x44 +AX "Ark32.dll.ahf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0 compression	#
C:\Program Files\AhnLab\Safe Transaction\AHAWKENT.SYS	PE32+ executable (native) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\BldInfo.ini	ASCII text, with CRLF line terminators	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\libplc4.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\libnspr4.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\freebl3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\nss\certutil.exe	PE32 executable (console) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\certutil_.exe	PE32 executable (console) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\certadm.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Cert\ca2.der	Certificate, Version=3, Serial=009c786262fd7479bd, not-valid-before=2015-06-18 04:03:24 GMT, not-valid-after=2038-06-12 04:03:24 GMT	#
C:\Program Files\AhnLab\Safe Transaction\Cert\ca.der	Certificate, Version=3, Serial=00d01329e89a358cfe, not-valid-before=2015-06-18 04:03:23 GMT, not-valid-after=2038-06-12 04:03:23 GMT	#
C:\Program Files\AhnLab\Safe Transaction\Cert\astx.inf	Windows setup INFormation	#
C:\Program Files\AhnLab\Safe Transaction\CdmCtrl.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\CdmAPI.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\BtScnCtl.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\AHAWKE.DLL	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Av.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\AupASD.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\AtamptU.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Ark64lgplv2.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\Ark64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\AhnI2.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\AhnCtlKD.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\ATamptNt.sys	PE32+ executable (native) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\ATampt.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\ASDi.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Program Files\AhnLab\Safe Transaction\ASDWsc.exe	PE32+ executable (GUI) x86-64, for MS Windows	#

astx_setup.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Domains

URLs

Dropped files

astx_setup.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Domains

URLs

Dropped files

Search started

astx_setup.exe